all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Unpacking VIDAR using Time-Travel Debugging (TTD) in WinDbg Preview

Add to bookmarks
Jan. 12, 2023, 7 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

In the last video, we looked for signs of packing in our malicious sample using IDA Pro. What we found was fairly clear evidence of the use of process hollowing, a common technique of code injection used by malware authors. In this video, I'll introduce Time-Travel Debugging (TTD) in WinDbg Preview. TTD allows you to create a trace of a debug session, then easily step forwards and backwards in the session. This can streamline your debug sessions as you no …

authors code code injection debug debugging hollowing ida ida pro injection malicious malware preview pro process process hollowing session trace travel unpacking vidar video windbg

Visit resource

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 03 - Network Simulation and Analysis with Fakenet-NG and Wireshark 1 day, 20 hours ago | www.youtube.com
analysis episode flare focus +10
🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 1 month, 1 week ago | www.youtube.com
basics episode explorer focus +10
MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 month, 2 weeks ago | www.youtube.com
basics build episode explorer +12
Malware Mondays?!? Learn more 1 month, 3 weeks ago | www.youtube.com
learn malware
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 2 months ago | www.youtube.com
artifact data goal learn +11
MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 2 months, 2 weeks ago | www.youtube.com
amadey artifacts capture data +11
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 2 months, 2 weeks ago | www.youtube.com
artifact data goal learn +11
Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 2 months, 2 weeks ago | www.youtube.com
assembly disassembly effectively ghidra +9
Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 2 months, 3 weeks ago | www.youtube.com
analysis debugging development easy +18

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com